#meta 2017-07-17

2017-07-17 UTC
tantek, eli_oat, j12t, [miklb], sl007, [ciudadanob], [pfefferle], Lucaconti, fferf, [shanehudson], eli_oat1 and [chrisaldrich] joined the channel
# 16:11 
Zegnat What is IndieAuth?
# 16:11 
Loqi IndieAuth is a way to use your own domain name to sign in to websites — it's like OpenID, but works with services you likely already use, and is much easier to setup https://indieweb.org/IndieAuth
# 16:11 
Zegnat That description (“works with services you likely already use”) seems to suggest IndieAuth must include RelMeAuth in some way?
# 16:22 
schmarty Zegnat: good catch - IndieAuth-the-protocol doesn't require RelMeAuth
# 16:23 
schmarty but I would argue that IndieAuth.com relies primarily on RelMeAuth
# 16:26 
aaronpk indieauth.com is mostly an abstraction around relmeauth
j12t joined the channel
# 16:26 
schmarty maybe ben would donate thatmustbe.me to rename indieauth.com
# 16:27 
schmarty ;}
# 16:27 
aaronpk ha
eli_oat and [chrisaldrich] joined the channel
# 16:44 
Zegnat schmarty, it depends if we want IndieAuth-the-building-block to include RelMeAuth or not. We write its definition so it is up to us.
# 16:45 
Zegnat I think deciding the scope of what is IndieAuth would help greatly for rewriting the wiki page to be more focused.
# 16:46 
aaronpk i've been imagining the OAuth 2 extension spec being named IndieAuth, but am realizing that most people think of IndieAuth as the part that lets you authenticate with twitter/github/etc
# 16:46 
schmarty Zegnat: my understanding of IndieAuth-the-protocol is that it only requires authorization endpoint for identification, token endpoint for authorization. indieauth.com is an implementation of that which wraps RelMeAuth.
# 16:46 
sknebel what is IndieAuth-the-building-block and how does it relate to Indieauth-(.com)-the-service and Indieauth-the-protocol? :P
# 16:46 
Loqi It looks like we don't have a page for "IndieAuth-the-building-block and how does it relate to Indieauth-(.com)-the-service and Indieauth-the-protocol" yet. Would you like to create it?
# 16:46 
aaronpk heh
# 16:46 
sknebel I'd follow schmarty's definition
# 16:48 
Zegnat Reading that definition though: “token” for “authorization” and “authorization” for “identification”. </3
j12t joined the channel
# 16:51 
schmarty Zegnat: that confuses me as well. "authentication-endpoint" makes more sense to me.
# 16:52 
Zegnat The endpoint also supplies scope tokens for authorisation. It is multipurpose.
# 16:52 
Zegnat The token endpoint is just incharge of then exchanging those for actual-real-access-tokens
# 16:53 
schmarty ahh, so token endpoint is just the code-to-token conversion step for oauth2?
# 16:54 
aaronpk yeah
# 16:54 
schmarty neato
eli_oat1 joined the channel
# 16:57 
Zegnat IndieAuth is the protocol that allows discovery for an authentication endpoint (and optionally a token endpoint) on any URL, allowing you to sign-in with a URL of your choosing.
# 16:59 
Zegnat Though do the IndieAuth authentication and token endpoint follow the oauth2 endpoints exactly? I seem to recall not, which means the two endpoints would also be specced by the IndieAuth protocol?
[miklb] joined the channel
# 17:00 
aaronpk OAuth core doesn't specify discovery, but there is an extension spec for that
# 17:03 
aaronpk although it's discovery of the endpoints after you already know the authorization server https://tools.ietf.org/html/draft-ietf-oauth-discovery-06#section-2
# 17:03 
aaronpk i guess openid connect discovery is the analogous thing, which uses webfinger http://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery
# 17:07 
Zegnat Yeah, the discovery is definitely what makes IndieAuth protocol different. But what about the endpoints themselves? I know we mirrored e.g. scope and state on OAuth for selfauth. Is an IndieAuth authentication-endpoint === an OAuth authentication-endpoint?
# 17:07 
aaronpk yeah pretty much
# 17:07 
Zegnat That would make IndieAuth really just a specified discovery protocol, and that means we can severely cut down /IndieAuth
# 17:08 
aaronpk which is why we can keep referring to that part of the spec for that part https://tools.ietf.org/html/rfc6749#section-3.1
# 17:08 
aaronpk the IndieAuth spec does a couple things on top of OAuth 2.0 core
# 17:08 
aaronpk 1) specifies discovery of the required endpoints given a profile URL
# 17:09 
aaronpk 2) specifies how token endpoints and authorization endpoints can interoperate
tantek joined the channel
# 17:12 
Zegnat And IndieAuth.com-the-service is an authorization endpoint that wraps RelMeAuth, correct?
# 17:13 
aaronpk it's two things
# 17:13 
aaronpk 1) it's an authorization endpoint that uses relmeauth instead of registration
# 17:13 
aaronpk 2) it's a wrapper around relmeauth that has a protocol that happens to look like an OAuth 2 authorization endpoint
schmarty and [jemostrom] joined the channel
# 18:17 
tantek !tell gRegorlove I think https://indieweb.org/events/2017-07-12-homebrew-website-club looks pretty good for replicating forward to August. What do you think?
# 18:17 
Loqi Ok, I'll tell them that when I see them next
# 18:19 
tantek.com edited /events/2017-07-26-homebrew-website-club (+111) "/* San Francisco */ indie event, FB event, RSVP inline as well" (view diff)
tbbrown, sl007, tantek, tantek_ and eli_oat joined the channel
# 20:14 
ben_thatmustbeme lol "IndieAuth.com-the-service" that sounds like an interesting name  IndieAuth.com-the-service.com
[jeremycherfas], [pfefferle] and [miklb] joined the channel